CVE-2024-20100

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-20100

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

I

n wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603.

References
Link Resource
https://corp.mediatek.com/product-security-bulletin/October-2024 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:mediatek:iot_yocto:24.0:*:*:*:*:*:*:*
cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt3605:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8512:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8695:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8698:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*
History

25 Apr 2025, 18:36

Type Values Removed Values Added
Summary
  • (es) En el controlador WLAN, existe una posible escritura fuera de los límites debido a una validación de entrada incorrecta. Esto podría provocar la ejecución remota de código sin necesidad de privilegios de ejecución adicionales. No se necesita interacción del usuario para la explotación. ID de parche: ALPS08998449; ID de problema: MSV-1603.
CPE cpe:2.3:h:mediatek:mt8512:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*
cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:a:mediatek:iot_yocto:24.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt3605:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8698:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8695:-:*:*:*:*:*:*:*
References () https://corp.mediatek.com/product-security-bulletin/October-2024 - () https://corp.mediatek.com/product-security-bulletin/October-2024 - Vendor Advisory
First Time Mediatek mt6985
Mediatek mt8775
Google android
Mediatek mt8676
Mediatek mt8512
Mediatek mt7927
Mediatek software Development Kit
Google
Mediatek mt6990
Mediatek mt8755
Mediatek mt8796
Mediatek mt8678
Mediatek iot Yocto
Mediatek mt8695
Mediatek mt8365
Mediatek mt8792
Mediatek mt6989
Mediatek mt8698
Mediatek mt8183
Mediatek mt3605
Mediatek

07 Oct 2024, 19:36

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

07 Oct 2024, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-07 03:15

Updated : 2025-04-25 18:36

NVD link : CVE-2024-20100

Mitre link : CVE-2024-20100

CVE.ORG link : CVE-2024-20100

JSON object : View

Products Affected

mediatek

google

CWE
CWE-787

Out-of-bounds Write